If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

CERT Quarterly Summary

Each quarter I get a summary of CERT activity. I thought that some of you may want a look at it.

Here ya go....

-----BEGIN PGP SIGNED MESSAGE-----

CERT Summary CS-2003-02

June 3, 2003

Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
Summary to draw attention to the types of attacks reported to our
incident response team, as well as other noteworthy incident and
vulnerability information. The summary includes pointers to sources of
information for dealing with the problems.

Since the last regularly scheduled CERT summary, issued in March 2003
(CS-2003-01), we have seen an integer overflow vulnerability within
Sun's XDR Library, multiple vulnerabilities in Lotus Notes and Domino
Server, a buffer overflow vulnerability in Sendmail, and multiple
vulnerabilities within Snort's preprocessors.

For more current information on activity being reported to the
CERT/CC, please visit the CERT/CC Current Activity page. The Current
Activity page is a regularly updated summary of the most frequent,
high-impact types of security incidents and vulnerabilities being
reported to the CERT/CC. The information on the Current Activity page
is reviewed and updated as reporting trends change.

An integer overflow vulnerability exists in the xdrmem_getbytes()
function distributed as part of the Sun Microsystems XDR library.
This overflow may allow a remote attacker to execute arbitrary
code on the victim machine.

Multiple vulnerabilities had been reported to affect Lotus Notes
clients and Domino servers. Due to the confusion surrounding these
vulnerabilities we released an advisory to clairfy the details of
the vulnerabilities, the versions affected, and the patches that
resolve these issues.

There are two vulnerabilities in the Snort Intrusion Detection
System, each in a separate preprocessor module. Both
vulnerabilities allow remote attackers to execute arbitrary code
with the privileges of the user running Snort, typically root

If you prefer to use DES, please call the CERT hotline for more
information.

Getting security information

CERT publications and other security information are available from
our web sitehttp://www.cert.org/

To subscribe to the CERT mailing list for advisories and bulletins,
send email to majordomo@cert.org. Please include in the body of your
message

subscribe cert-advisory

* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
______________________________________________________________________

NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
_________________________________________________________________

Sometimes its hard to keep track of all the stuff that flies around on those mailing lists... the summary can be much nicer... though not as entertaining as some of the msgs that come through...

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.